ELYRIA, Ohio– An employee has been terminated after it was discovered that the person accessed medical records of patients they did not have the authority to access, according to University Hospitals Elyria Medical Center.

The records accessed were not a part of the employee’s regular duties. The incident was discovered on May 13 and an investigation was launched soon after.

UH said the records of 297 patients were accessed. The information accessed includes names, dates of birth, medical record numbers, dates of service and diagnostic and treatment information. A few patients may have had their addresses, telephone numbers and name of health insurers accessed as well.

There was no Social Security numbers or financial information accessed. UH said it is not aware of any fraud, identity theft or misuse of information from this incident.

All patients were notified and given a number to call for more information about what details were accessed within their files.

Law enforcement has been notified of the issue as well. UH also said:

“UH Elyria Medical Center takes the protection and security of its patients very seriously. We are committed to maintaining the privacy of our patients’ information and have taken many precautions to safeguard it. We continually evaluate and modify our practices to enhance the security and privacy of our patients’ information, including the education and counseling of our workforce regarding patient privacy matters.”